Results 1 to 2 of 2
  1. #1
    Join Date
    Oct 2003

    Question Unanswered: Help on Passing Dates through Querystring

    I am creating following query using input from the web form.

    ssql = "Select * from vehtran where repdate between #" cdate(txtdtfrom.text) & "# and #" cdate(txtdtto.text) & "# and Status = 'Rep'"

    When I then passing this sql string to another web form which will display the search results through following code

    Response.redirect("DispRec.aspx?ssql=" & ssql )

    However when I am retrieve this sql query in DispRec.aspx, it gives me following Select query which is wrong

    Select * from Vehtran where repdate between #11/19/06 and 11/21/06 and Status = 'Rep' - Assuming that txtdtfrom contains date '11/19/06' and txtdtto contains date '11/21/06'.

    Can any one guide me what is wrong in passing the querystring ?

    When I view this query string in the same web form it is displayed properly as under

    Select * from Vehtran where repdate between #11/19/06# and #11/21/06# and Status = 'Rep'

    Help in this regards is highly appreciated.



  2. #2
    Join Date
    Dec 2006
    The hash symbol is a special URI character and so would have to be escaped to use it in the query string. (or you could post it via a form)

    Not really a good idea to pass the entire SQL string anyway, would be better to just pass the parameters and let your results page create it. Otherwise you could get all sorts of SQL querys being passed (inserts, updates, deletes etc) by mischevous users.

    PS: The % symbol is also reserved for denoting escaped values so you would also get problems sending SQL containing wildcards via the query string. IE ...Where Name Like '%jam%'...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts